Web classification and proxy

‎03-16-201609:01 AM - edited ‎03-16-201609:03 AM

Hello,

on an instant AP (IAP 225, 6.4.2.6-4.1.1.6) I have a problem with web classification. The AP is behind an proxy server that is configured on the AP (proxy server 10.xxx.xxx.xxx 8080), but the AP seems not to be using this connection for the web classification traffic.

Re: Web classification and proxy

‎03-16-201609:12 AM

It is using our internal DNS server, but that serve doesn't have internet domains. And since the AP is in management network and has no direct internet connection it would not help. Do you know if there is a planned support for proxy for the DPI Manager?

Re: Web classification and proxy

‎03-17-201609:28 AM

cjoseph wrote:

1 - The IAP needs to be able to resolve aruba.brightcloud.com via DNS, otherwise it will not work.

When using proxy there should be no need to resolve the DNS. Newertheless I created a separate DNS server with a single entry of aruba.brightcloud.com. After that the AP tried connecting to the brightcloud but still ignored the proxy settings and tried to connect directly to brightcloud.

cjoseph wrote:

2 - It then needs to be able to send traffic to aruba.brightcloud.com over SSL (port 443).

It seems like you have a problem right now with #1. Do you proxy SSL traffic?

This seems to be false. I checket the firewall logs and it is using plain HTTP (port 80) not an SSL connection (port 443)!

There should be no problem proxying HTTP or SSL traffic.

It looks like we found an workaround to this issue:

We created and DNS entry for aruba.brightcloud.com on our DNS servers and pointed it at our transparent proxy server and that looks to be working. But I still think this should be able to work over standard proxy.